[Openswan Users] Openswan + L2TP

Norman Rasmussen normanr at gmail.com
Sat Aug 13 14:52:54 CEST 2005


name = LinuxVPNserver
# must match the second field in /etc/ppp/chap-secrets entries

*       markin  "teste" 192.168.99.130
markin  *       "teste" 192.168.99.130

LinuxVPNserver != markin

Either change LinuxVPNserver to markin, or markin to LinuxVPNserver.

Or did you maybe mean:
markin  LinuxVPNserver "teste" 192.168.99.130 ?

The layout of the network doesn't affect auth.

On 13/08/05, Marcos Ferreira da Silva <marcosfs at centershop.com.br> wrote:
> On Sat, 2005-08-13 at 00:20 +0200, Norman Rasmussen wrote:
> > FYI: in /etc/ppp/options.l2tpdipcp-accept-local you might want to add 'name'
> >
> > this is what my debian system has:
> >
> > # Name of the local system for authentication purposes
> > # (must match the second field in /etc/ppp/chap-secrets entries)
> > name l2tpd
> >
> 
> my l2tpd.conf:
> [global]
> ;listen-addr = 192.168.99.1
> 
> [lns default]
> ip range = 192.168.99.128-192.168.99.254
> local ip = 192.168.99.2
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = LinuxVPNserver
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd
> length bit = yes
> 
> my chap-secrets:
> # Test user
> *       markin  "teste" 192.168.99.130
> markin  *       "teste" 192.168.99.130
> 
> my options.l2tpd:
> ms-dns  192.168.99.1
> ms-wins 192.168.99.1
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> connect-delay 5000
> silent
> logfile /var/log/l2tpd.log
> 
> If I put noauth, the client gets the IP 192.168.99.130 and I connect
> perfectly.  But if I put auth, the error is:
> 
> /usr/sbin/pppd: The remote system is required to authenticate itself
> /usr/sbin/pppd: but I couldn't find any suitable secret (password) for
> it to use to do so.
> /usr/sbin/pppd: (None of the available passwords would let it use an IP
> address.)
> 
> 
> > On 13/08/05, Norman Rasmussen <normanr at gmail.com> wrote:
> > > > Cliente: 192.168.1.2
> > > > Server: 192.168.1.1
> > > > Network:  192.168.99.0/24
> > >
> > > um, I assume the server has another network card with an ip in the
> > > network range?
> > >
> > > more like (THIS IS AN EXAMPLE)
> > > Server:
> > > eth0: 192.168.1.1 (network 192.168.1.0/24)
> > > eth1: 192.168.99.1 (network 192.168.99.0/24)
> > >
> > > I guess you could do it via aliasing too (i.e. eth0 and eth0:1)
> > >
> > > --
> > > - Norman Rasmussen
> > >  - Email: norman at rasmussen.co.za
> > >  - Home page: http://norman.rasmussen.co.za/
> > >
> 
> My Network
> Server:
> ppp0 (eth0): Internet
> eth1   = 192.168.99.1 (192.168.99.0/24)
> eth1:0 = 192.168.99.2 (192.168.99.0/24)
> eth2   = 192.168.1.1 (192.168.1.0/24)
> 
> client --- (eth2) Server (eth1) --- network
> 
> My system is fedora core 4, openswan without klips, and I put the l2tpd
> to listen on all interfaces.  But in this case the client can connect
> directly to l2tpd without passing via IPsec.  Should I compile openswan
> with klips (fedora 4) to resolve this problem and put l2tpd on the
> internal interface?
> 
> Has someone compiled openswan-klips on fedora 4?
> 
> Marcos
> 
> 


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/
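As an added example for this thread (it is not code from the thread, from Openswan or from pppd), the Python checker below applies the chap-secrets entry rules documented in pppd(8) to the file quoted above, so you can see which entry, if any, pppd would pick for a given local name, peer name and peer address. Assumptions: the local name is whatever pppd is actually running with as its `name`; the most specific match (fewest `*` fields) wins, earlier line on a tie; quoting is approximated with shlex; the `addr/bits` subnet syntax is not modelled. The three sample files are constructed here: the file from the thread, the single corrected line suggested above, and a three-word line that permits no peer address at all.

```python
"""
Checker for /etc/ppp/chap-secrets lookups.

Added example for this thread, not code from pppd, Openswan or the poster.
It applies the entry rules documented in pppd(8).  Each line is

    client  server  secret  [addresses...]

"*" in the client or server field matches any name, the secret may be
double-quoted, and the words after the secret list the peer addresses the
entry permits: no words at all (or a first word of "-") permits no address,
"*" permits any, "!addr" forbids addr.  Quoting is approximated with shlex;
the "addr/bits" subnet syntax is deliberately not modelled.
"""
import shlex

# Constructed sample: the chap-secrets file quoted in the thread.
THREAD_SECRETS = """\
# Test user
*       markin  "teste" 192.168.99.130
markin  *       "teste" 192.168.99.130
"""

# Constructed sample: the single corrected entry suggested in the reply.
SUGGESTED_SECRETS = 'markin  LinuxVPNserver  "teste" 192.168.99.130\n'

# Constructed sample: a three-word line, which permits no peer address.
NO_ADDRESS_SECRETS = 'markin  LinuxVPNserver  "teste"\n'


def parse_chap_secrets(text):
    """Parse chap-secrets text into (client, server, secret, addresses) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw, comments=True)   # "#" starts a comment
        if not words:
            continue
        if len(words) < 3:
            raise ValueError(f"line {lineno}: expected client server secret")
        client, server, secret, *addresses = words
        entries.append((client, server, secret, addresses))
    return entries


def _name_matches(pattern, name):
    return pattern == "*" or pattern == name


def address_allowed(addresses, peer_ip):
    """Address-list rules: '-' stops, '!x' forbids x, '*' allows all, else exact."""
    for word in addresses:
        if word == "-":
            return False
        if word.startswith("!"):
            if word[1:] == peer_ip:
                return False
            continue
        if word == "*" or word == peer_ip:
            return True
    return False   # empty list, or nothing matched


def find_secret(entries, our_name, peer_name, peer_ip):
    """
    Return (secret, None) when the best-matching entry lets peer_name
    authenticate to our_name from peer_ip, else (None, reason).  The two
    reasons correspond to the two pppd messages quoted in the thread: no
    usable secret at all, or a secret that permits no IP address.
    """
    candidates = []
    for index, (client, server, secret, addresses) in enumerate(entries):
        if _name_matches(client, peer_name) and _name_matches(server, our_name):
            wildcards = (client == "*") + (server == "*")
            candidates.append((wildcards, index, secret, addresses))
    if not candidates:
        return None, f"no entry with client {peer_name!r} and server {our_name!r}"
    _, _, secret, addresses = min(candidates)   # most specific, earliest on tie
    if not address_allowed(addresses, peer_ip):
        return None, "secret found but it would not let the peer use an IP address"
    return secret, None


if __name__ == "__main__":
    for label, text in (("thread", THREAD_SECRETS),
                        ("suggested", SUGGESTED_SECRETS),
                        ("no address", NO_ADDRESS_SECRETS)):
        print(label, find_secret(parse_chap_secrets(text),
                                 "LinuxVPNserver", "markin", "192.168.99.130"))
```

Run against the thread's file with the local name LinuxVPNserver, the first line is skipped on its server field and the second matches through its `*` server field; with only the first line present nothing matches at all, and the three-word sample is found but rejected, which is the case the second pppd message ("None of the available passwords would let it use an IP address") describes. Substitute whatever name pppd reports in its debug log to check your own file.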

